tsdown-migrate
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is entirely documentation-based, providing an AI agent with the necessary context to perform a specific technical migration. No malicious code, obfuscation, or unauthorized network operations were detected.
- [SAFE]: All external links and resources point to official vendor documentation (tsdown.dev) or the vendor's own GitHub repositories (github.com/rolldown), which are legitimate within the context of the skill's author (rolldown).
- [PROMPT_INJECTION]: Analysis for indirect prompt injection (Category 8) was performed as the skill instructs agents to process external project files.
- Ingestion points: The skill instructs the agent to read and modify
tsup.config.tsandpackage.json(SKILL.md, references/guide-package-json.md). - Boundary markers: Absent; the instructions do not specify using delimiters when reading these files.
- Capability inventory: The agent is tasked with file renaming, file reading, and file modification (imports, property values, dependency versions).
- Sanitization: Not specified within the skill instructions.
- Note: This represents an inherent surface area for coding agents rather than a malicious intent of the skill itself. In the context of a migration tool, this is assessed as safe.
Audit Metadata